No Business Is Too Small for Hackers
Whether it’s a state sponsored cyber war, a hactivist or your run of the mill hacker, small business owners have to be prepared if their computer resources go down.
Most small businesses would survive a halt in operations for a short period of time, but if they can’t access the Internet or client data for an extended amount of time it could mean the end of the business entirely.
“We’ve gotten so used to technology that we aren’t even saving one or two days’ worth of money,” says Dave Chronister, founder of Parameter Security. “Doing something as simple as that can help if there was an outage.”
Although the jury is out on whether or not there will ever be an all-out cyber war, the Internet isn’t completely safe, especially for small businesses, which are becoming a bigger target. The way Chronister sees it, State sponsored cyber wars will look more like the protracted Cold War as opposed to a major single attack.
“We’ll see more skirmishes, which are happening all over the place,” says Chronister. “A lot of times it doesn’t look like a battle or a war it looks more like isolated incidents.”
Regardless of the type of attack, small businesses must prepare for infrastructure compromises (which could shut down the power grid and thus access to the computer systems), organized criminal groups using small business computers to launch an attack or or natural disasters like Hurricane Sandy which resulted in massive flooding and power outages for more than two weeks in some areas.
“It could mean no Internet, it could mean no power, a disruption to the water system, or not being able to take out money,” says Rohit Sethi, VP at Security Compass, a security consulting company. “It doesn’t matter if it’s a cyber-war or organized crime. You prepare the same way.”
According to experts, to prepare for a potential disruption, small business owners have to assume an outage of more than a few hours could happen and put in place a business continuity plan. Business owners need a backup plan for if and when the physical data center goes down and he or she can’t access mission critical data. If you are a business that takes payments, you’ll have to figure out a plan if the banking system crashes, and if you deal with a slew of vendors you not only want to have their contact information on hand but you also want to have fall-back vendors in place if your normal suppliers are also impacted from the event.
Small businesses have to make sure they are investing in the right infrastructure to monitor for any infiltrations, says Sethi.
“What happens if someone did get into the server, would you know about it?” says Sethi. He says small businesses also have to think about how they would contain a breech and how they would notify clients and customers if some sort of attack were to happen.
“They need to make sure they are not part of the problem,” adds Chronister. “They have to make sure their systems are up-to-date on their anti-virus software.”
Chronister says it behooves small business owners to do some testing to ensure their systems are secure and don’t have any information a hacker would want. And even if the small business sells flip flops, Chronister says it has to act as if they have highly critical data residing on their computers.
“Just because you don’t have any information doesn’t mean your resources aren’t desirable to a hacker,” says Chronister. “Keep your systems as secure as possible and understand it’s not a matter of if you will have an outage, but when.”